Newsgroups: php.internals
Date: Wed, 12 Feb 2014 08:22:18 -0500
To: "internals@lists.php.net"
Subject: Future TLS roadmap
From: rdlowrey@gmail.com (Daniel Lowrey)

FYI, these are things I plan to work on for the post-5.6 timeframe:

- Support for SNI in *servers* (currently only supported by clients)
- Support for DTLS (datagram client/server encryption)
- Mitigating the client-initiated renegotiation DoS vector in TLS servers

Most TLS changes could probably pass as "security fixes" and may be feasible for 5.6 bugfix releases. The alternative is obviously to put them in master and wait for 5.7. In any case we can cross that bridge when we get there.

If people have other ideas/suggestions (or want to help) just let me know.

Daniel